#!/bin/bash
###
 # @Author: didiplus
 # @Description: 
 # @Date: 2025-06-19 11:29:58
 # @LastEditors: didiplus
 # @LastEditTime: 2025-06-19 23:29:57
 # @FilePath: /script/SecGuardian/main.sh
 # @Version: 1.0
### 

# 获取脚本所在目录
source ./modules/configure_sshd_config.sh
source ./modules/configure_password_expiration_and_pam_pwquality.sh
source ./modules/audit_perm_fix.sh
source ./modules/secure_sysctl.sh

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # 重置颜色

# 主菜单函数
show_main_menu() {
    clear
    echo -e "${YELLOW}========================================"
    echo -e "      企业级系统等保加固配置工具 v1.0"
    echo -e "========================================${NC}"
    echo -e "${GREEN}1. SSH服务安全加固"
    echo -e "2. 密码策略强化配置"
    echo -e "3. 防火墙策略配置"
    echo -e "4. 文件权限审计与修复"
    echo -e "5. 日志审计配置"
    echo -e "6. 内核参数安全优化"
    echo -e "7. 执行全部加固项"
    echo -e "0. 退出程序${NC}"
    echo -e "${YELLOW}========================================${NC}"
}

# 主程序逻辑
while true; do
    show_main_menu
    read -p "请选择要执行的加固项（多选用逗号分隔, 例:1,3）或 0 退出: " selections
    
    # 退出检测
    if [[ "$selections" == "0" ]]; then
        echo -e "${YELLOW}已退出等保加固程序${NC}"
        exit 0
    fi
    
    # 处理多选
    IFS=',' read -ra selected_options <<< "$selections"
    
    # # 执行全部选项
    # if printf '%s\n' "${selected_options[@]}" | grep -q '7'; then
    #     echo -e "${YELLOW}[*] 开始执行全部加固项${NC}"
    #     configure_sshd_config
    #     configure_password_policy
    #     configure_firewall
    #     # 其他加固函数调用...
    #     echo -e "${YELLOW}[√] 全部加固项执行完成！${NC}"
    #     exit 0
    # fi
    
    # 执行选定选项
    for option in "${selected_options[@]}"; do
        case $option in
            1)
                configure_sshd_config
                ;;
            2)
                configure_password_expiration_and_pam_pwquality
                ;;
            3)
                echo -e "${GREEN}[+] 防火墙策略配置${NC}"
                ;;
            4)
                audit_and_fix_permissions
                ;;
            5)
                echo -e "${GREEN}[+] 日志审计功能待实现${NC}"
                ;;
            6)
                secure_sysctl
                ;;
            *)
                echo -e "${RED}错误：无效选项 $option${NC}"
                ;;
        esac
    done
    
    # 询问是否继续
    read -p "是否继续其他操作？(y/n): " continue_choice
    if [[ "$continue_choice" != "y" ]]; then
        echo -e "${YELLOW}已退出等保加固程序${NC}"
        exit 0
    fi
done